From a1da75e7d62807df32d2babfc70cd67ab91fe91d Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Fri, 11 Jan 2013 12:52:03 +0100
Subject: [PATCH] proc.5: Document /proc/sys/kernel/dmesg_restrict

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man5/proc.5 | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/man5/proc.5 b/man5/proc.5
index 80469171b..7a132e39f 100644
--- a/man5/proc.5
+++ b/man5/proc.5
@@ -2560,6 +2560,19 @@ mode, the ctrl-alt-del is intercepted by the program before it
 ever reaches the kernel tty layer, and it's up to the program
 to decide what to do with it.
 .TP
+.IR /proc/sys/kernel/dmesg_restrict " (since Linux 2.6.37)"
+The value in this file determines who can see kernel syslog contents.
+A value of 0 in this file imposes no restrictions.
+If the value is 1, only privileged users can read the kernel syslog.
+(See
+.BR syslog (2)
+for more details.)
+Since Linux 3.4,
+.\" commit 620f6e8e855d6d447688a5f67a4e176944a084e8
+only users with the
+.BR CAP_SYS_ADMIN
+capability may change the value in this file.
+.TP
 .IR /proc/sys/kernel/domainname " and " /proc/sys/kernel/hostname
 can be used to set the NIS/YP domainname and the
 hostname of your box in exactly the same way as the commands